Anttech said:
OSX does not have any where near the amount of security documentation than LINUX (yes I said it) and Windows...
OSX is NOT Linux it is NOT BSD... It may have components of BSD at lower levels, HOWEVER viruses/Worms/Vulnerabilities/Trojans etc etc are NOT always written at that lower level are they? OSX IS just as vulnerable as the next to buffer overflow problems.
Lower levels? you mean the Command line interface? that is still user land bucko. that is not low level.
if you are referring to the fact that the windowing system is not as tested as windows or X11 in a secure environment, I would ask you to point to one instance where the windowing system was the place that was rooted, attacked by a worm to gain access to the administrator privileges, etc. viruses and trojans cannot be kept at bay because they attack from asocial engineering aspect and rely on morons. but the extent of the damage, like on any Unix Derived OS will remain in the user account who activated the code. other than the windowing system, OS X is supported by a fully Open SOurce system.
Anttech said:
Well Just because the kernel is BSD.. Does not mean that it cannt have OTHER security vulnerabilities that BSD does not have, for example between the GUI and the kernel layer, or the User layer and the Kernel layer… whatever!
first off, it is a mach micro kernel with BSD services. everything but the bare essentials is in user land, unlike Windows whose developers thought it was smart to put the Browser in the kernel space. second off, the GUI layer is the user layer. there is kernel space and user space. unless you are a device manager, Memory manager process manager or file system manager, you are not welcome to the kernel party and you have to live in user space.
Anttech said:
Now... I will come to the point of "Security through obscurity" OSX as we all know is not a default target for crackers... It has not been completely tested, we do not know enough about all the nooks and crannies of this complete OS... Do we? So 'in theory' it is there could be many holes, and to add to this Apple do NOT like to talk about security... Apple do NOT make it an objective of there’s to educate users regarding possible, theoretical or not, security vulnerabilities...
they don't like to talk about security? hmm, seems to me that apple releases security patches as soon as they are available, unlike the civ that is Microsoft windows whose parent company releases once a month if they get to it. what it is 35 vulnerabilities in IE still, and that is not counting the fact that active X controls run as administrator giving any website the ability to infect your computer with a worm or virus just from visiting the site...one would even say that Spyware and adware that is drive by downloaded and installed without the user's knowledge is in fact a virus.
Anttech said:
Tell me this, why don't the 3 letter agencies and governments of the world host there Mission critical applications and confidential Data on OSX?
easy...because their data is stored on huge databases and mainframes that are more than 10 years old...20 in some cases and the upgrade costs are ridiculous for even the most modest solution.
it has nothing to do with the security of the systems...if it did, Windows would not be sitting on any of the desktops and SELinux would be the only thing allowed to run, that or Trusted Solaris.
Anttech said:
a serious cracker (not just a script kiddie with some tools)could find vulnerabilities in the OS (possibly easily.. We just don't know), and exploit the system, at what ever layer you want...
yeah, and it is easier to do on a windows system. those critical systems are behind 10 diffrent firewalls and shadow servers. could a cracker still get in? hell yes, but ti would be hard as hell and they would get caught. it doe snot matter what OS you run, a cracker can get in because of the tools he/she employes. crackers are not stupid. you think that they would even try to root force into a government network? that is just stupid to try and a waste of time. there are more productive ways to gain access.
Anttech said:
I would say until it has been tested enough as its entirety and apple start (or keen Mac users, and we all know how zealous some Mac users are don’t we :-D ) creating documentation on OSX security it is "secured through obscurity" IMHO
you are basing your conclusion on the windowing system which is a system that is least likely to give root access to anything. could there be buffer over flow problems? sure, but if they are UI based the user would have to be sitting at the machine to exploit them, and in a secure environment, it is kinda hard to get into do such activities.
I would also like to add that windows does not have documentation, they have a track record. that track record says "stay away from me and use something more secure like OpenBSD"